<?php
    // Access gate for the manager-only order report. Nothing is sent to the
    // browser until every check below has passed.

    // The session stores a User object (it is read as $_SESSION['User']->UserType
    // below), so the class is loaded before session_start() -- presumably so
    // the stored object is restored as a User instance rather than an
    // incomplete class.
    include_once "backend/classes/User.php";
    session_start();
    include_once "backend/session.php";

    // Authentication first, then role: short-circuit evaluation keeps the
    // session object untouched unless isLoggedIn() has succeeded.
    if (!isLoggedIn() || $_SESSION['User']->UserType != 'Manager') {
        exit();
    }

    // The database include is only reached by an authenticated Manager.
    include_once "backend/db/db_cse305.php";

    // Both query-string parameters are mandatory; a request missing either
    // one ends here with an empty response.
    if (!isset($_GET["type"], $_GET["q"])) {
        exit();
    }
?>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title> Order List </title>
        <link rel="stylesheet" type="text/css" href="css/style.css">
        <link rel="stylesheet" type="text/css" href="css/main.css">
        <script src="js/sortable.js"></script>
    </head>
    <body>
        <br/>
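        <?php
            /*
             * Order report for managers.
             *
             * Request parameters (both required, both attacker-controllable):
             *   type - "stock_symbol" or "customer_id"; any other value ends the request.
             *   q    - the stock symbol, or the numeric user id of a customer.
             *
             * Security notes:
             *   - Everything written into the page ($q and every database column)
             *     goes through $esc, so neither a crafted link nor a stored value
             *     can inject markup or script into a manager's session.
             *   - Query failures are logged server-side; the driver's error text is
             *     no longer sent to the browser, where it would expose schema details.
             *   - The mysql_* extension used here was removed in PHP 7.0. The
             *     connection is presumably opened in backend/db/db_cse305.php (not
             *     visible from this file), so a move to mysqli/PDO prepared
             *     statements has to be made there and here together.
             */

            // Encode a value for use as HTML text or inside a quoted attribute.
            $esc = function ($value) {
                return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
            };

            // Run a SELECT. On failure, keep the details in the server log and
            // show the user a generic message instead of mysql_error() output.
            $runQuery = function ($sql) {
                $result = mysql_query($sql);
                if ($result === false) {
                    error_log("Order list query failed: " . mysql_error());
                    echo "<br/>The order list could not be loaded.<br/>";
                    exit();
                }
                return $result;
            };

            // Print the order table for a result set, or $emptyMessage (trusted,
            // hard-coded HTML) when the result set has no rows.
            $renderOrders = function ($result, $emptyMessage) use ($esc) {
                if (mysql_num_rows($result) <= 0) {
                    echo $emptyMessage;
                    return;
                }

                echo "<table id='stock_list_table' class='rounded-corner sortable'>";
                echo "<thead style='text-align:center;'><tr><th>Transaction ID</th><th>Order ID</th><th>Time</th><th>Order Type</th><th>Number of Shares</th><th>AccountID</th><th>Price/Type</th><th>Percentage</th><th>Fee</th></tr></thead>";
                echo "<tbody>";

                $plainColumns = array("OrderRowID", "OrderID", "Time", "OrderType", "NumShares", "AccountID", "PriceType");
                while ($row = mysql_fetch_array($result)) {
                    echo "<tr>";
                    foreach ($plainColumns as $column) {
                        echo "<td>" . $esc($row[$column]) . "</td>";
                    }
                    if (isset($row["Percentage"]) && $row["Percentage"] != null) {
                        echo "<td>" . $esc($row["Percentage"]) . "%</td>";
                    } else {
                        echo "<td>N/A</td>";
                    }
                    echo "<td>" . $esc($row["Fee"]) . "</td>";
                    // The original never closed the row.
                    echo "</tr>";
                }
                echo "</tbody></table>";
            };

            $type = $_GET["type"];
            $q = $_GET["q"];

            // Query-string values arrive as arrays for requests such as ?q[]=x;
            // only plain strings are meaningful here.
            if (!is_string($type) || !is_string($q)) {
                exit();
            }

            if ($type === "stock_symbol") {
                echo "<center><h1>Order List for Stock: " . $esc($q) . "</h1></center>";

                // $q is escaped and placed inside quotes. mysql_real_escape_string()
                // depends on the connection character set being configured
                // correctly; a prepared statement would remove that dependency.
                $query = sprintf("SELECT * FROM orders WHERE StockSymbol = '%s' ORDER BY Time DESC",
                        mysql_real_escape_string($q));
                $renderOrders($runQuery($query), "<br/>There are no orders for this stock!<br/>");
            } else if ($type === "customer_id") {
                // The id is used as an integer in SQL, so convert it once and use
                // the same value in both queries and in the heading.
                $customerId = (int) $q;

                $query = sprintf("SELECT * FROM users WHERE UserId = %d", $customerId);
                $row = mysql_fetch_array($runQuery($query));
                if (!$row || $row["UserType"] != 'Customer') {
                    echo "No customer exists with that User ID.";
                    exit();
                }
                $customerName = $row["FirstName"] . " " . $row["LastName"];

                $custAccounts = array();
                $query = sprintf("SELECT * FROM accounts WHERE CustomerUserID = %d", $customerId);
                $result = $runQuery($query);
                while ($row = mysql_fetch_array($result)) {
                    $custAccounts[] = $row["AccountID"];
                }
                if (count($custAccounts) === 0) {
                    echo "Customer has no accounts!";
                    exit();
                }

                // NOTE(review): the account ids are interpolated unquoted, which
                // is only correct (and only safe) while AccountID is a numeric
                // column -- confirm against the schema.
                $where = "(" . implode(" , ", $custAccounts) . ")";

                echo "<center><h1>Order List for Customer: " . $esc($customerName) . " (" . $esc($customerId) . ")</h1></center>";
                $query = sprintf("SELECT * FROM orders WHERE AccountID IN %s ORDER BY Time DESC", $where);
                $renderOrders($runQuery($query), "<br/>There are no orders for this customer!<br/>");
            } else {
                exit();
            }
        ?>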
    </body>
</html>
